Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2023-03-14 CVE-2023-27894 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally.
network
low complexity
sap
5.3
2023-03-14 CVE-2023-27895 Unspecified vulnerability in SAP Authenticator 1.3.0
SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device.
network
low complexity
sap
6.5
2023-03-14 CVE-2023-27896 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.
network
low complexity
sap
7.5
2023-03-14 CVE-2023-0021 Unspecified vulnerability in SAP Netweaver
Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting.
network
low complexity
sap
6.1
2023-03-14 CVE-2023-23857 Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems.
network
low complexity
sap
8.6
2023-03-14 CVE-2023-24526 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges.
network
low complexity
sap
5.3
2023-03-14 CVE-2023-25615 Unspecified vulnerability in SAP Abap Platform
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data.
network
low complexity
sap
4.9
2023-03-14 CVE-2023-25616 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges.
network
low complexity
sap
8.8
2023-03-14 CVE-2023-25617 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK.
network
low complexity
sap
8.8
2023-03-14 CVE-2023-25618 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable.
network
low complexity
sap
6.5